No RASLANNETS Parameter Under Windows NT RAS

• Microsoft Windows NT operating system version 3.1
• Microsoft Windows NT Advanced Server version 3.1

The RASLANNETS parameter is not available in Remote Access Service (RAS) for Windows NT and Windows NT Advanced Server. Under Microsoft LAN Manager RAS, RASLANNETS can be used to indicate the LANs (local area networks) to be made visible to Remote Access clients. There is, however, a limited workaround available under Windows NT.

RAS has the ability to gateway frames from Remote Access clients onto LANs that the Remote Access server is running on. This feature is controlled by the NetBIOS gateway component. In LAN Manager RAS, the RASLANNETS parameter allows you to specify exactly which networks are to be made visible to Remote Access clients and which ones are to be restricted. This is a security feature. For example, in the LANMAN.INI file under the [REMOTEACCESS] section, you can specify which networks are available by simply listing their names on the RASLANNETS statement.

In RAS for Windows NT there is a new parameter that also deals with this security issue. The new NT Registry entry, NETBIOSGATEWAYENABLED, allows you to disable or enable the gateway component. If you disable it, then all access to the LAN is restricted for Remote Access clients; they are only able to access resources on the Remote Access server. This parameter is located in the Registry in the following subkey:

   SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters

This setting does not allow you to pick which protocols are enabled; you can either enable them all or disable them all. A limited workaround that allows you to get some of the RASLANNETS functionality in Windows NT follows.

To disable access to a protocol, you can unbind it from the NetBIOS interface. Because the RAS gateway is a NetBIOS gateway and communicates via NetBIOS commands, if a particular protocol is restricted from talking NetBIOS across its top level interface then it is cut off from the RAS gateway. This results in the gateway not being able to forward frames from the Remote Access client to the LAN.

To control protocol binding, choose the Network icon in Control Panel. Choose the Bindings button. The light bulb icon at the left of the each protocol indicates whether it is bound our not. (If the light is on, the protocol is bound.) For example: To prevent Remote Access clients from accessing TCP/IP servers on a LAN, select TCP/IP and choose the Disable button.

The only side effect of this workaround is that it disables the NetBIOS interface on that protocol for both Remote Access clients and LAN clients. Users cannot talk to the server using that protocol via NetBIOS. This only affects NetBIOS applications. It does not affect LAN Manager servers or workstations running on a Windows NT system. (LAN Manager running on Windows NT uses the TDI interface to talk to protocols, not the NetBIOS interface.)